The original Siemens bootloader contains the code for BOST - the Simpad's Built-in Onboard Self Test routines. BOST even has an option to programme the fabdata string(s) - in answer to Digi's question this is how it can be done !

Not sure if you can access BOST using the standard Siemens 2.4 or 2.5.3 bootloaders. I managed to get BOST running by simply changing one byte of the 2.4 bootloader code, and then reflashing the modified 2.4 bootloader into my Simpad.

Instructions to follow (first I want to have a look at the test commands:-)

These items look very familiar!!! I saw most of them looking at the bootloaders with a hex-editor, and that's what made me post the question with the extended commands. Veeery interesting!

Digi

QUOTE(fladda @ Mar 15 2006, 03:07 PM)

The original Siemens bootloader contains the code for BOST - the Simpad's Built-in Onboard Self Test routines. BOST even has an option to programme the fabdata string(s) - in answer to Digi's question this is how it can be done !

Not sure if you can access BOST using the standard Siemens 2.4 or 2.5.3 bootloaders. I managed to get BOST running by simply changing one byte of the 2.4 bootloader code, and then reflashing the modified 2.4 bootloader into my Simpad.

Instructions to follow (first I want to have a look at the test commands:-)

Would make sense to change the 'q' to a 'b'. Then exiting from the monitor menu would take you straight into the BOST routines.

I will re-modify the code just to be sure, and then post the instructions how to modify the Siemens bootloader...

Ralph

QUOTE(Digi @ Mar 15 2006, 05:57 PM)

These items look very familiar!!! I saw most of them looking at the bootloaders with a hex-editor, and that's what made me post the question with the extended commands. Veeery interesting!

Digi

fladda

Mar 15 2006, 11:43 AM

WARNING - THIS MODIFICATION MIGHT 'BRICK' YOUR SIMPAD. UNTIL THIS HAS BEEN VERIFIED I WOULD STRONGLY RECOMMEND THAT LOADING A MODIFIED BOOTLOADER INTO YOUR SIMPAD SHOULD ONLY BE UNDERTAKEN BY PEOPLE WHO KNOW HOW TO USE JTAG TO RECOVER THE BOOT LOADER.

OK to get the BOST code to run from the Siemens monitor menu.

1. Find a copy of the original Siemens bootloader version 2.4 "loader_bl".

2. Change the byte at offset address:-

0x0016b4 from 0x71 ("q") to 0x62 ("b") (this is the important bit)

000016B4 CMPNE R0,#&71 changes to CMPNE R0,#&62

3. Then change the string at offset 0x01d820 (in the text near the end of the file)

6. Assuming that the Simpad already had the Siemens 2.4 or 2.5.3 bootloader installed. Connect up the serial cable to a terminal (I use Hyperterminal on a win98 PC) at 38.4kb 8N1 hardware handshaking.

7. Reset the Simpad and get the monitor menu. If monitor menu does not appear, then continuously press the 'escape' key on the PC keyboard whilst you reset the Simpad. Alternatively hold the lower key down on the Simpad whilst you press the reset key - this will bring up the monitor menu.

8. Enter the extended command 'x'.

9. Type 'e' and then 'b' which should bring up the menu to erase the existing boot image. Type 'y' to erase. Note that this does not appear to erase the master boot file from the 16-bit part of the Simpad's flash. When you reset the Simpad, it will re-load the boot image.

Some of the commands appear to be vaguely useful, especially if you have a Simpad that has an unresolved problem (like one of mine:-().

A similar 'modification' will probably also work for the Siemens 2.5.3 bootloader, although I've not tried this yet. Note that I've found the original Siemens rev. 2.4 bootloader to be easier to use for loading images, as the 2.4 bootloader never has a problem 'seeing' the incoming serial data. I often have to do 20-30 resets in succession with the 2.5.3 loader before it 'sees' that there is a serload 'in progress'. I suspect that this has caused many people to believe that their Simpad is 'bricked' !

And for all I know you can enter BOST directly without modifying the bootloader. If anybody knows how to do this, then please do let us know...

Hope that somebody out there finds this useful...

Ralph
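An added example, not part of the original post or of any Siemens tooling: a check-then-patch routine for step 2 only, which refuses to touch a file unless the word at 0x16b4 is the `CMPNE R0,#&71` instruction the post shows. It assumes the instruction is stored little-endian with the standard ARM encoding; the sample image is a constructed zero-filled buffer, not a real `loader_bl`.

```python
import struct

PATCH_OFFSET = 0x16B4           # offset given in the post (loader_bl, version 2.4)
OLD_KEY, NEW_KEY = 0x71, 0x62   # 'q' -> 'b', as given in the post


def cmpne_r0_imm(imm8: int) -> int:
    """ARM encoding of CMPNE R0,#imm8 (cond=NE, CMP immediate, no rotation)."""
    return 0x13500000 | (imm8 & 0xFF)


def patch_loader(image: bytes) -> bytes:
    """Return a patched copy; raise ValueError if the image does not match the post."""
    if len(image) < PATCH_OFFSET + 4:
        raise ValueError("image too short to contain the patch offset")
    # Assumption: little-endian instruction storage, so the immediate is the first byte.
    (word,) = struct.unpack_from("<I", image, PATCH_OFFSET)
    if word == cmpne_r0_imm(NEW_KEY):
        raise ValueError("image is already patched")
    if word != cmpne_r0_imm(OLD_KEY):
        raise ValueError(
            f"unexpected word {word:#010x} at {PATCH_OFFSET:#x}: wrong file or version"
        )
    patched = bytearray(image)      # never modify the original in place
    patched[PATCH_OFFSET] = NEW_KEY
    return bytes(patched)


def changed_offsets(before: bytes, after: bytes) -> list:
    """List every offset that differs, to confirm the edit touched one byte only."""
    if len(before) != len(after):
        raise ValueError("images differ in length")
    return [i for i, (x, y) in enumerate(zip(before, after)) if x != y]


def make_sample() -> bytes:
    """Constructed stand-in image: zeros with the original instruction at the offset."""
    buf = bytearray(0x2000)
    struct.pack_into("<I", buf, PATCH_OFFSET, cmpne_r0_imm(OLD_KEY))
    return bytes(buf)


if __name__ == "__main__":
    original = make_sample()
    patched = patch_loader(original)
    print([hex(o) for o in changed_offsets(original, patched)])
```

Comparing the full 32-bit word rather than the single byte catches a wrong file or a different bootloader version before anything is written or flashed.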

Digi

Mar 15 2006, 12:00 PM

Is it really necessary to erase the bootstrap first? Can't you just load the modified bootloader with serload?

As for entering BOST other than that... I'm sure there is a back door, like a string of extended commands in a certain order or something like that. But on the other hand, your method is easy enough not to worry about that anymore.

Do you think, with the new commands at our disposal now, there is an easy way to replace a PBL 1.4 with 2.4? I'm upgrading 16/32MB Simpads to 32/64, and this is always a pain in the butt.

Digi

QUOTE(fladda @ Mar 15 2006, 08:43 PM)

8. Enter the extended command 'x'.

9. Type 'e' and then 'b' which should bring up the menu to erase the existing boot image. Type 'y' to erase. Note that this does not appear to erase the master boot file from the 16-bit part of the Simpad's flash. When you reset the Simpad, it will re-load the boot image.

Some of the commands appear to be vaguely useful, especially if you have a Simpad that has an unresolved problem (like one of mine:-().

A similar 'modification' will probably also work for the Siemens 2.5.3 bootloader, although I've not tried this yet. Note that I've found the original Siemens rev. 2.4 bootloader to be easier to use for loading images, as the 2.4 bootloader never has a problem 'seeing' the incoming serial data. I often have to do 20-30 resets in succession with the 2.5.3 loader before it 'sees' that there is a serload 'in progress'. I suspect that this has caused many people to believe that their Simpad is 'bricked' !

And for all I know you can enter BOST directly without modifying the bootloader. If anybody knows how to do this, then please do let us know...

Hope that somebody out there finds this useful...

Ralph

fladda

Mar 15 2006, 12:40 PM

>Is it really necessary to erase the bootstrap first? Can't you just load the modified bootloader with serload?

I get a memory overlap error when I try serial loading things using the 2.4 bootloader. However this might be something wrong with the Simpad that I'm using, as I still haven't worked out why it won't work after flashing it with a WinCE 4.1 image (I suspect a damaged flash chip:-()

>As for entering BOST other than that... I'm sure there is a back door, like a string of extended commands in a certain order or something like that. But on the other hand, your method is easy enough not to worry about that anymore.

I did have a quick look in the 2.4 bootloader code for this. Could be there, but I couldn't find it. However I didn't look very hard or far...

>Do you think, with the new commands at our disposal now, there is an easy way to replace a PBL 1.4 with 2.4? I'm upgrading 16/32MB Simpads to 32/64, and this is always a pain in the butt.

Sorry I have no experience of the older Simpads. Most of the BOST commands are for test purposes, and few if any actually modify the flash. Are you currently using JTAG to get the bootloaders into the modified Simpads ?

Ralph

Digi

Mar 15 2006, 12:46 PM

I go via blupdater.img, but that way I lose the FabData (which I can restore now, thanks ;-))

QUOTE(fladda @ Mar 15 2006, 09:40 PM)

Sorry I have no experience of the older Simpads. Most of the BOST commands are for test purposes, and few if any actually modify the flash. Are you currently using JTAG to get the bootloaders into the modified Simpads ?

Ralph

fladda

Mar 15 2006, 02:42 PM

Well I reloaded the 4.1 WinCE image onto my Simpad using the modified 2.4 bootloader, and the bootloader is now shown as corrupt. However this Simpad has a fault somewhere so I'm not sure if this is anything to do with my modified bootloader or not !

After loading WinCE 4.1 image via serload I reset the Simpad and got:-

Therefore, I strongly recommend that only those people with JTAG ports, cables and knowledge should attempt to load a modified boot-loader into their Simpads. At least until this has been tested a bit more.

Ralph

fladda

Mar 16 2006, 02:55 PM

Tonight I managed to get the same corrupt bootloader message after re-loading the original Siemens 2.4 boot-loader with JTAG. So I'm pretty sure that the corrupt bootloader message is being caused by a corrupt flash EEPROM chip on this Simpad, and does not appear to be anything to do with the modified bootloader. That said, I would still recommend that only experienced JTAGers try the modified bootloader until it is proved to be 'safe'.

Since then I have successfully loaded my modified bootloader onto another Simpad, and this Simpad SL then successfully booted OK into WinCE 4.1 several times without incident.

I then went back and wrote the FabData string into this second Simpad using the BOST 'fs' (fabdata serial write) command. This was successful, but appeared to somehow corrupt the 4.1 WinCE image, as the next time the Simpad was reset I just got a continuous 'tartan reset' screen, with no sign of WinCE 4.1 appearing.

Ralph

Digi

Mar 17 2006, 01:13 PM

I modified my "SLC" (upgraded Swisscom) running on the English 4.1 and wrote the original FabData (C420...) without any problems. I made a mistake once en route though and found the PBL replaced my modified BL because of that. So the PBL needs to be modified, too. For the simpadSL.rom look at offsets 0x24B4 and 0x1E620.

Digi

QUOTE(fladda @ Mar 16 2006, 11:55 PM)

Tonight I managed to get the same corrupt bootloader message after re-loading the original Siemens 2.4 boot-loader with JTAG. So I'm pretty sure that the corrupt bootloader message is being caused by a corrupt flash EEPROM chip on this Simpad, and does not appear to be anything to do with the modified bootloader. That said, I would still recommend that only experienced JTAGers try the modified bootloader until it is proved to be 'safe'.

Since then I have successfully loaded my modified bootloader onto another Simpad, and this Simpad SL then successfully booted OK into WinCE 4.1 several times without incident.

I then went back and wrote the FabData string into this second Simpad using the BOST 'fs' (fabdata serial write) command. This was successful, but appeared to somehow corrupt the 4.1 WinCE image, as the next time the Simpad was reset I just got a continuous 'tartan reset' screen, with no sign of WinCE 4.1 appearing.

Ralph

Digi

Mar 17 2006, 02:39 PM

reflashed CE alright! So if you change the FabData, for some reason you have to reflash Windows afterwards...
